Red Hat Enterprise Linux (RHEL)

Negative DataRow Length in pgproto3 Leading to DoS
CVE-2026-4427 7.5 - High - March 19, 2026

A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service (DoS) due to a slice bounds out of range panic.

out-of-bounds array index

libsoup Integer Underflow Buffer Overread
CVE-2026-2369 6.5 - Medium - March 19, 2026

A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service.

Integer underflow

UB in libarchive Zisofs Decompressor Enables DoS via Malicious ISO
CVE-2026-4426 6.5 - Medium - March 19, 2026

A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.

1335

libarchive Heap OOB Read via Craft RAR Archive
CVE-2026-4424 7.5 - High - March 19, 2026

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.

Out-of-bounds Read

libsoup HTTP/2 UAF Auth Failure & DoS
CVE-2026-4271 5.3 - Medium - March 17, 2026

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the application attempting to access memory that has already been freed, potentially causing application instability or crashes, resulting in a Denial of Service (DoS).

Dangling pointer

libsoup CRLF Header Injection via Content-Type Header
CVE-2026-3634 3.9 - Low - March 17, 2026

A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP header injection and response splitting attacks.

CRLF Injection

CRLF Injection in libsoup's soup_message_new via unescaped method
CVE-2026-3633 3.9 - Low - March 17, 2026

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage Return Line Feed) injection, occurs because the method value is not properly escaped during request line construction, potentially leading to HTTP request injection.

CRLF Injection

libsoup Hostname Validation Flaw Enabling HTTP Smuggling & SSRF
CVE-2026-3632 3.9 - Low - March 17, 2026

A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where they can send hidden, malicious requests alongside legitimate ones. In certain situations, this could lead to Server-Side Request Forgery (SSRF), enabling an attacker to force the server to make unauthorized requests to other internal or external systems. The impact is low, as SoupServer is not actually used in internet infrastructure.

Improper Validation of Syntactic Correctness of Input

Heap-based Overflow in GNU Binutils BFD Linker (CVE-2026-3441)
CVE-2026-3441 6.1 - Medium - March 15, 2026

A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCOFF object file, an attacker can trigger this flaw, potentially leading to information disclosure or an application level denial of service.

Out-of-bounds Read

BufOverflow bfd linker in GNU Binutils CVE-2026-3442
CVE-2026-3442 6.1 - Medium - March 15, 2026

A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service.

Out-of-bounds Read

Infinite Loop in libarchive RAR5 Decompression causing DoS
CVE-2026-4111 7.5 - High - March 13, 2026

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.

Infinite Loop

systemd Improper Access Control in D-Bus RegisterMachine
CVE-2026-4105 6.7 - Medium - March 13, 2026

A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.

Authorization

Libsoup Digest Auth Replay Vulnerability (nonce & nc tracking)
CVE-2026-3099 5.8 - Medium - March 12, 2026

A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, the attacker can bypass authentication and gain unauthorized access to protected resources, impersonating the legitimate user.

Reusing a Nonce, Key Pair in Encryption

Apache mod_proxy_cluster CRLF Injection (CVE-2026-3234)
CVE-2026-3234 4.3 - Medium - March 12, 2026

A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc() function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoint responses. Exploitation requires network access to the MCMP protocol port, but no authentication is needed.

CRLF Injection

NFSv3 rpc.mountd Privilege Escalation via Directory Bypass (CVE-2025-12801)
CVE-2025-12801 6.5 - Medium - March 04, 2026

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.

Incorrect Execution-Assigned Permissions

GVfs FTP Backend IP/Port Spoofing Allows Client Port Scanning
CVE-2026-28295 4.3 - Medium - February 26, 2026

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the malicious server to probe for open ports accessible from the client's network.

SSRF

udisks Unprivileged LUKS Header Backup via D-Bus Policy Check Bypass
CVE-2026-26104 5.5 - Medium - February 25, 2026

A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes.

AuthZ

udisks: Unprivileged D-Bus API allows LUKS header overwrite
CVE-2026-26103 7.1 - High - February 25, 2026

A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys and render encrypted volumes inaccessible. Successful exploitation results in a denial-of-service condition through irreversible data loss.

AuthZ

389-ds-base Heap Buffer Overflow in schema_attr_enum_callback
CVE-2025-14905 7.2 - High - February 23, 2026

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).

Heap-based Buffer Overflow

QEMU VMDK OOB Read Leak or DoS
CVE-2026-2243 5.1 - Medium - February 19, 2026

A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition (DoS).

Out-of-bounds Read

QEMU KVM Xen Guest Off-By-One heap OOB access in Xen physdev
CVE-2026-0665 6.5 - Medium - February 18, 2026

An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption.

Memory Corruption

QEMU uefi-vars Buffer Size vs Transfer I/O Info Leak
CVE-2025-8860 3.3 - Low - February 18, 2026

A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFI_VARS_REG_BUFFER_SIZE, the .write callback `uefi_vars_write` is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer filled with residual data from prior allocations. When the guest later reads from register UEFI_VARS_REG_PIO_BUFFER_TRANSFER, the .read callback `uefi_vars_read` returns leftover metadata or other sensitive process memory from the previously allocated buffer, leading to an information disclosure vulnerability.

Improper Removal of Sensitive Information Before Storage or Transfer

QEMU virtio-crypto AKCIPHER DoS via unchecked memory allocation
CVE-2025-14876 5.5 - Medium - February 18, 2026

A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation. This can result in a denial of service (DoS) on the host system by causing the QEMU process to terminate unexpectedly.

Allocation of Resources Without Limits or Throttling

Fedora Linux: Kernel Lockdown Disabled, Unsigned Module Loading
CVE-2025-1272 7.7 - High - February 18, 2026

The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned modules can be loaded, leading to execution of untrusted code breaking breaking any Secure Boot protection. This vulnerability affects only Fedora Linux.

glibc Insufficient Entropy via getrandom/arc4random After Fork
CVE-2025-0577 4.8 - Medium - February 18, 2026

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions.

Insufficient Entropy

libsoup HTTP Range Header flaw may read arbitrary memory
CVE-2026-2443 5.3 - Medium - February 13, 2026

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.

Out-of-bounds Read

BusyBox Tar Extraction Hardlink/Symlink Escalation Vulnerability
CVE-2026-26158 7 - High - February 11, 2026

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to privilege escalation, enabling an attacker to gain unauthorized access to critical system files.

External Control of File Name or Path

BusyBox: Archive Utils Path Traversal Enables Arbitrary File Overwrite
CVE-2026-26157 7 - High - February 11, 2026

A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files.

External Control of File Name or Path

GnuTLS DoS via oversized SANs in certificates
CVE-2025-14831 5.3 - Medium - February 09, 2026

A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).

Inefficient Algorithmic Complexity

Keylime 7.12+ TLS Auth Bypass: Unauth Admin Ops
CVE-2026-1709 9.4 - Critical - February 06, 2026

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.

Key Exchange without Entity Authentication

libsoup HTTP Request Smuggling via Malformed Chunk Headers
CVE-2026-1801 5.3 - Medium - February 03, 2026

A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters instead of the required carriage return and line feed (CRLF). A remote attacker can exploit this without authentication or user interaction by sending specially crafted chunked requests. This allows libsoup to parse and process multiple HTTP requests from a single network message, potentially leading to information disclosure.

HTTP Request Smuggling

SoupServer HTTP Request Smuggling via Chunked TE + Keep-Alive
CVE-2026-1760 5.3 - Medium - February 02, 2026

A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions.

HTTP Request Smuggling

Libsoup Multipart HTTP Response Buffer Overflow CVE-2026-1761
CVE-2026-1761 8.6 - High - February 02, 2026

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.

Stack Overflow

Memory Leak in libxml2 xmllint Shell Leads to Local DoS
CVE-2026-1757 6.2 - Medium - February 02, 2026

A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.

Memory Leak

Proxy Auth Leakage in libSoup on Redirects
CVE-2026-1539 5.8 - Medium - January 28, 2026

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data.

Insertion of Sensitive Information Into Sent Data

HTTP Header Injection in Libsoup via CRLF in Content-Disposition
CVE-2026-1536 5.8 - Medium - January 28, 2026

A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP headers to be injected. This vulnerability can lead to HTTP header injection or HTTP response splitting without requiring authentication or user interaction.

CRLF Injection

GLib Unicode Case Conversion Integer Overflow Causes Out-of-Bounds Write
CVE-2026-1489 5.4 - Medium - January 27, 2026

A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.

Memory Corruption

Local DoS via GLib Content Type Parsing Buffer Underflow
CVE-2026-1485 2.8 - Low - January 27, 2026

A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.

buffer underrun

GLib Base64 Buffer Overflow via Integer Underflow
CVE-2026-1484 4.2 - Medium - January 27, 2026

A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.

Memory Corruption

CRLF Injection in libsoup Host Header via HTTP Proxy
CVE-2026-1467 5.8 - Medium - January 27, 2026

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing a specially crafted URL containing CRLF sequences, allowing them to inject additional HTTP headers or complete HTTP request bodies. This can lead to unintended or unauthorized HTTP requests being forwarded by the proxy, potentially impacting downstream services.

CRLF Injection

GnuTLS Stack Buffer Overflow in PKCS#11 Init Allows DoS/Code Exec
CVE-2025-9820 4 - Medium - January 26, 2026

A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.

Stack Overflow

Privilege Escalation Vulnerability in NetworkManager (CVE-2025-9615)
CVE-2025-9615 - January 26, 2026

A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added the connection.

Improper Preservation of Permissions

RedHat CVE-2026-0810 gix-date::TimeBuf::as_str non-UTF8 UB
CVE-2026-0810 7.1 - High - January 26, 2026

A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `TimeBuf` component, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application instability or other unforeseen consequences.

Incorrect Calculation of Multi-Byte String Length

Information Disclosure in Go Viper Mapstructure WeakDecode via Error Messages
CVE-2025-11065 5.3 - Medium - January 26, 2026

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts.

Generation of Error Message Containing Sensitive Information

CVE-2026-0988: Glib g_buffered_input_stream_peek Integer Overflow
CVE-2026-0988 3.7 - Low - January 21, 2026

A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).

Integer Overflow or Wraparound

libxml2 XML Catalog DoS via Repeated <nextCatalog> Recursion
CVE-2026-0992 2.9 - Low - January 15, 2026

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.

Resource Exhaustion

Denial-of-Service via Unbounded <include> Recursion in libxml2 RelaxNG Parser
CVE-2026-0989 3.7 - Low - January 15, 2026

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.

Stack Exhaustion

libxml2 Uncontrolled Recursion in xmlCatalogXMLResolveURI Causing DoS
CVE-2026-0990 5.9 - Medium - January 15, 2026

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.

Stack Exhaustion

vsftpd ls Cmd Integer Overflow Causing DoS
CVE-2025-14242 6.5 - Medium - January 14, 2026

A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.

Integer Overflow or Wraparound

libsoups WebSocket Frame OOB Read (CVE-2026-0716)
CVE-2026-0716 4.8 - Medium - January 13, 2026

A flaw was found in libsoups WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash. Applications using libsoups WebSocket support with this configuration may be impacted.

Buffer Access with Incorrect Length Value